In a typical organization, 5 percent of revenue is lost to fraud, according to a 2012 global fraud study by the Association of Certified Fraud Examiners.
According to the study, fraud cases result in a median loss of approximately $140,000, with most lasting about 18 months before they’re detected. What surprises many companies is that it’s not the new hires who are commit fraud — it’s longtime employees.
“The ones that have been with you for 20 or 30 years are the most problematic,” says Scott Swearingen, a partner at Moss Adams LLP. “They’re trusted more, so more opportunities for fraud arise.”
“The ones that have been with you for 20 or 30 years are the most problematic,” says Scott Swearingen, a partner at Moss Adams LLP. “They’re trusted more, so more opportunities for fraud arise.”
Smart Business spoke with Swearingen about fraud cases he’s encountered and what business can do to prevent it.
Does fraud occur because of a lack of internal controls?
It can be difficult to set up procedures to catch everything. In one case a client received an anonymous letter that an employee was receiving kickbacks from vendors. After the employee quit, a vendor called, happy that they wouldn’t have to pay kickbacks anymore.
This particular kickback
involved delivery charges: The employee would add another hour or two for traffic and split the difference with the vendor. Cases involving collusion outside the company, such as kickback schemes, are difficult to uncover. More control or oversight of pricing or tracking may have allowed the client to see that one employee had more travel time compared to the company average or their peers.This theft was discovered because of an anonymous letter, but it might have been found sooner if the company had a 1-800 tip line. More companies are creating tip lines to make it easier for employees to anonymously report suspected fraud. Even more important in combating fraud is the tone at the top; any internal control structure has to start there.
Why is the tone at the top so important?
If the owner is very entrepreneurial and runs personal expenses through the business or is engaged in other activities that might not be legitimate in the eyes of a regulatory agency, employees see and think it’s OK. This effectively sanctions such behavior and allows employees to rationalize it.
Auditors refer to a fraud triangle where opportunity, rationalization and motive all exist. Unfortunately, we bucket things into thirds. One third of people would never steal, even given the opportunity; another third will look for chances to steal no matter what; and the final third wouldn’t ordinarily steal but will if given the right situation with weak or little controls. Internal control practices address that final third.
What are some key internal controls?
There must be a good segregation of duties. The same person should not be responsible for the accounting of a particular asset class and also have custody of it. For example, a single employee should not have approvals over cash and the reconciliations as well as the ability to make changes to accounts receivable or invoicing or the ability to approve payments to vendors.
We’ve seen fraud cases where employees have the ability to authorize credits on accounts receivable for returns and realize they can put a credit on their personal credit card as well. One clerk was building credits on her card to move out of the country. No
approval process was in place to ensure that the credits provided were valid and accurate.
In fraud cases there are usually underlying reasons the employee needs money: an illness in the family, addiction, or lifestyle. Changes in an employee’s lifestyle are a very common clue. One client, for example, had an employee making $50,000 a year who talked incessantly about eating at expensive restaurants. We tell clients to look for these kinds of signs where the lifestyle doesn’t match the pay grade.
Sound internal controls also minimize the possibility of employee errors. Too often fraud or errors occur because companies don’t appreciate the importance of internal controls or segregation of duties until an incident has occurred. Owners and managers may be told there’s an issue, but they can rationalize that it wouldn’t happen to them by their trustworthy employees. Plenty of stories about fraud involve trusted longtime employees that owners felt were
like family.
Don’t wait for something to happen before taking the control environment more seriously. ●
Scott Swearingen is a Partner with Moss Adams LLP. Reach him at (949) 221-4025 or [email protected]
Insights Accounting & Consulting is brought to you by Moss Adams